Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Sep 04, 2023


PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability [Ed: The issue here is not SSH but VMware (proprietary)]

The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.

North Korean Malware Targets Windows, MacOS and Linux [Ed: They do not target the OS; they target gullible admins who install malware.]

The VMConnect campaign, spotted in early August, consists of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository, and after observing it for a few weeks ReversingLabs detected three more packages that belong to the VMConnect family.

How DEB Packages Are Backdoored and How to Detect It [Ed: Misleading title; the issue is malware, not how it is packaged]

Did you know attackers can modify the scripts packaged in a DEB file to gain unauthorized access to your PC? Here's how DEB packages are backdoored.

Security updates for Monday

Security updates have been issued by Debian (thunderbird), Fedora (firefox, kernel, kubernetes, and mediawiki), Mageia (openldap), SUSE (terraform), and Ubuntu (atftp, busybox, and thunderbird).

3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums

- More than 3 lakh 20 thousand patient records containing their PII information and medical diagnosis.
- 500 login credentials, with multiple cleartext passwords as well.
- Contact information of 737 people who used the contact-us form.
- 472 records containing PII information of doctors.
- The database also has the PII information of 91 doctors, along with information about where they are posted.

SANS

Analysis of a Defective Phishing PDF, (Sun, Sep 3rd)

A reader submitted a suspicious PDF file. TLDR: it's a defective phishing PDF.

Overview of Content Published in August

Here is an overview of content I published in August:

Blog posts:
- Update: sortcanon.py Version 0.0.3
- Update: emldump.py Version 0.0.12
- Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs
- Quickpost: PDF/ActiveMime Maldocs YARA Rule

SANS ISC Diary entries:
- PDFiD: False Positives Revisited
- Analysis of RAR Exploit Files (CVE-2023-38831)

Update: emldump.py Version 0.0.12

This update to emldump.py adds a new feature to fix (-F) some obfuscations. For the moment, only one obfuscation method is fixed (many are already ignored with option -f --filter), used in polyglot PDF/Word files.

emldump_V0_0_12.zip (http)
MD5: 3847B92460C0485E1238C47C29EF9DE1
SHA256: AFDFB8E78AE7DE56F50EA73D69705B6DACB425FFBD40D6997D64C7C75E3D8A0D